What happened
A single-author example/reference repository demonstrating a LangChain-based agentic customer-service memory system contains a weak-value vulnerability in its conversation history recall function, allowing potential cross-session memory disclosure. Published to NVD July 4, 2026, CVSS 3.1 (Low).
Why it matters
Illustrates a common real-world agentic-memory design flaw (predictable conversation/session IDs) that could leak one user's LLM conversation history to another; blast radius is narrow since this is a demonstration/reference repo rather than a widely-deployed production framework.
Attack vector
The get_conversation_history function in the LangChain-based memory recall handler (08_agentic_system/memory/langchain/code/smart_customer_service.py) uses a weak/predictable identifier when retrieving stored conversation history, potentially allowing an attacker to access another user's conversation memory.
Affected systems
ForceInjection AI-fundermentals 2.0/3.0 (smart_customer_service.py LangChain memory example)
Mitigation
Use cryptographically strong, unpredictable session/conversation identifiers; review the referenced commit for the vendor's remediation approach.